Lincoln

Release 3.3 is a fourteenth midPoint Identity and Access Management release code-named Lincoln. The 3.3 release brings major GUI look&feel improvements and miscellaneous new features that improve practical usability of midPoint.

Release date: 1st December 2015

Abraham Lincoln

Abraham Lincoln (1809-1865) was the 16th president of the United States of America. He lead the United States through Civil War. His leadership significantly contributed to the abolition of slavery and modernization of society and economy. He is one of the most venerated heroes in American history.

President Lincoln is perhaps best known for the Amendment to the Constitution that outlawed slavery. However he also supported internal improvements of society (businesses, banks, railroads) and orderly progress. That is one of the reasons that midPoint version 3.3 bears his name. MidPoint 3.3 brings numerous improvements and features that together significantly improve the overall experience. MidPoint user interface has a new look and feel. The self-service is now explicitly emphasized in the user interface and it brings "power to the people". There are many more subtle improvements to both user interface and internal midPoint logic that significantly improve usability. MidPoint 3.3 is also a success in community-building as it has the highest number of external contributions in the entire midPoint history.

Credits

Majority of the work on the Lincoln release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express a great gratitude to all the people that contributed to the midPoint project.

Special thanks to University of Illinois

MidPoint version 3.3 is named after Abraham Lincoln, one of the greatest presidents of the United States of America. He was born in Illinois where he also started his career. By naming midPoint 3.3 after one of the greatest sons of Illinois we would like to express our special thanks to the University of Illinois for their support.

We would also like to thank:

AMI Praha for their support and numerous contributions to the midPoint project.

WWK for ideas that made midPoint a better project, contributions and support.

XPath2 scripting is deprecated and it is not supported in Java8 environment.

Quality

Release 3.3 (Lincoln) is intended for full production use in enterprise environments. All features are stable and well tested.

Limitations

MidPoint 3.3 comes with a bundled LDAP-based eDirectory connector. This connector is stable, however it is not included in the normal midPoint support. Support for this connector has to be purchased separately.

MidPoint 3.3 comes with a bundled LDAP-based Active Directory connector. This connector is considered experimental and it is not supported for production use.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).

Java 8 environment is supported for running midPoint. It is not supported for building yet. To build midPoint from source code Java 7 is still required.Java 6 environment is no longer supported.

Web Containers

Apache Tomcat 6 (6.0.32, 6.0.33, 6.0.36)

Apache Tomcat 7 (7.0.29, 7.0.30, 7.0.32, 7.0.47, 7.0.50)

Apache Tomcat 8 (8.0.14, 8.0.20)

Sun/Oracle Glassfish 3 (3.1)

BEA/Oracle WebLogic (12c)

Databases

H2 (embedded, only recommended for demo deployments)

PostgreSQL (8.4.14, 9.1, 9.2, 9.3, 9.4)

MySQL (5.6.26) Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above). MySQL in previous versions didn't support dates/timestamps with more accurate than second fraction precision.

Oracle 11g (11.2.0.2.0)

Microsoft SQL Server (2008, 2008 R2, 2012, 2014)

Unsupported Platforms

Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.

Upgrade

Upgrade from midPoint 2.x

Upgrade from version 2.x is possible but it is not publicly supported. It requires several manual steps. Evolveum provides this upgrade as part of the subscription or professional services.

Upgrade from midPoint 3.0, 3.1 and 3.1.1

Upgrade path from MidPoint 3.0 goes through midPoint 3.1 and 3.1.1. Upgrade to midPoint 3.1 first (refer to the midPoint 3.1 release notes). Then upgrade from midPoint 3.1 to 3.1.1, from 3.1.1 to 3.2 and then to 3.3.

Upgrade from midPoint 3.2

MidPoint 3.3 data model is essentially backwards compatible with midPoint 3.2. However as the data model was extended in 3.3 the database schema needs to be upgraded using the usual mechanism.

MidPoint 3.3 is a release that fixes some issues of previous versions. Therefore there are some changes that are not strictly backward compatible.

The default value for user activation has been changed. In midPoint 3.2 and earlier the user that has no clear activation specification (missing activation section or administrative status and validity timestamps that haven't defined any specific state) was considered to be inactive (disabled). In midPoint 3.3 such user is considered active (enabled). This change was made to align the mechanism used to compute activation of users and other focal objects (roles, orgs).

The default value for expression allowEmptyValues setting has been unified. In the previous versions the non-scripting expressions assumed the value of true, while the scripting expresions assumed the value of false. The default value was changed to false for all expression types. The setting of allowEmptyValues in the scrip expression is now deprecated in favor of allowEmptyValues property in the expression (ExpressionType) which has the same meaning. This change should only affect scripts that return empty values (empty strings). In case of such expressions the setting has to be explicitly set to false to maintain compatible behavior. This change does not affect the processing of null values, it only changes the processing of empty strings and polystrings.

XPath2 scripting is deprecated and it is not supported in Java8 environment.

Changes in initial objects since 3.2

MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role superuser and user administrator). These objects may change in some midPoint releases. But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version. Therefore the following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the config/initial-objects directory in both the source and binary distributions. Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the following list and assess the impact on case-by-case basis:

Background and History

midPoint is roughly based on OpenIDM version 1. When compared to OpenIDM v1, midPoint code was made significantly "lighter" and provides much more sophisticated features. Although the architectural outline of OpenIDM v1 is still guiding the development of midPoint almost all the OpenIDM v1 code was rewritten. MidPoint is now based on relative changes and contains advanced identity management mechanisms such as advanced RBAC, provisioning consistency and other advanced IDM features. MidPoint development is independent for more than two years. The development pace is very rapid. Development team is small, flexible and very efficient. Contributions are welcome.